CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000209

HIGH
8.8
CVSS Severity Score
EPSS Score0.1540%
EPSS Percentile36.53th
PublishedJul 13, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.

Affected Platforms (CPE)

📦
Sensu

Sensu Core

< 1.4.2-3

References & Advisories

🔗 https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2
🔗 https://docs.sensu.io/sensu-core/1.4/changelog/#core-v1-4-2

Related Vulnerabilities

CVE-2018-10000609.8

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerabil...

CVE-2018-422910.0

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatc...

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...

CVE-2018-100065110.0

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidenti...